Hi Fabrice, > Hi all, > This topic came up in my previous one about window placement, and I'd like to > go further. > So currently there is no such thing as Global shortkeys and keyboard focus, > however let me present a typical real use-case: > [...] > > Now, I've read some vague things about privileged clients, is it still being > considered ?
Note that most of the formalisation that occurred was done by Martin Peres from Nouveau (and to a lesser extent myself; I'm not a Wayland dev at all though). We're hoping to have a number of PoC demos of privileged clients for XDC but are both really really busy with our research (both PhD students). It's not clear if we will have implemented stuff to demonstrate... If you want/need to work on global shortcuts in the next weeks I can make an effort to make our latest discussions and plans available in a concise form. > Would it be some Android-like capabilities that the user validates on > installation or the first time they are required by the application ? > What are the plans for these 2 key features ? We only discussed what the privileges are. Intercepting global shortcuts is a privilege so your app would need to either: - have a capability to register a global shortcut itself - be entitled by a trusted third party to using a specific global shortcut A capability should be granted to a package by a distributor, most likely. This means distros who care about security would setup a process to verify why app devs/packagers want a capability for their app (whilst allowing core projects such as DEs/distro apps to have privileges and be deployable right away). The second point is a bit fuzzier, especially for global shortcuts. For some privileged interfaces once apps can be sandboxed on Linux, [and once I've written a decently secure UI embedding protocol *], they can be given widgets from a trusted third-party that the user can interact with to organically grant privileges. Apps should also have some nice APIs for opening and exporting resources in a secure way. You can tell that it's hard to find out how to provide a global shortcut UI abstraction that is unambiguous to users, especially since I understand your app will be GUI-less. Xfce has a GUI for assigning global shortcuts to commands, and I believe other DEs do as well. This utility will typically be the one holding a capability for intercepting any global shortcut. Your app should normally not qualify for such a privilege, so make your event triggerable via a CLI call and get users to assign the shortcut to your app. If DEs are willing to grant you full global shortcut privileges without assessing who you are, what your app does and in what ways your app can be compromised, they will probably have security issues in the future. Feel free to work with distrubotrs to sketch out a process for granting and revoking capabilities to third-party apps, etc. but I think this problem goes well beyond the scope of Wayland privileged interfaces! PS: you were the person proposing to let apps know or adjust their position on the screen? This, typically, creates vulnerabilities and makes trusted UI embedding much harder if not compromised. If you have specific use-cases that need to be supported, please come discuss them with us (#wayland-security on Freenode or this ML, I guess) so we can think of secure ways to support your needs without compromising the separation between clients and trusted UIs. Thanks,?? -- Steve Dodier-Lazaro PhD student in Information Security University College London Dept. of Computer Science Malet Place Engineering, 6.07 Gower Street, London WC1E 6BT OpenPGP : 1B6B1670?
_______________________________________________ wayland-devel mailing list wayland-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/wayland-devel
